1101 points codesmash | 1 comments

Tajnymag No.45137696
I've wanted to migrate multiple times. Unfortunately, it failed in multiple places.

Firstly, podman had a much worse performance compared to docker on my small cloud vps. Can't really go into details though.

Secondly, the development ecosystem isn't really fully there yet. Many tools utilizing Docker via its socket fail to work reliably with podman, either because the API differs or because of permission limitations. Sure, the tools could probably work around those limitations, but they haven't, and podman isn't a direct 1:1 drop-in replacement.

replies(3): >>45137765 #>>45137786 #>>45138642 #
anilakar No.45137765
SELinux-related permission errors are an endless nuisance with podman and quadlet. If you want to sandbox about anything it's easier to create a pod with full host permissions and necessary /dev/ files mounted, running a simple program that exposes minimal functionality over an isolated container network.
replies(1): >>45138399 #
Aluminum0643 No.45138399
Udica, plus maybe ausearch | audit2allow -C, makes it easy to generate SELinux policies for containers (works great for me on RHEL10-like distros)

https://www.redhat.com/en/blog/generate-selinux-policies-con...
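The ausearch | audit2allow -C step in the reply above turns raw AVC denials into allow rules, and it is worth reading what those denials actually say before accepting a generated policy: a denial against a host type such as user_home_t usually means the volume should have been relabeled (the :Z / :z mount option that podman supports), not that the container domain should be granted access to home directories. The following parser is an added example, not code from Aluminum0643 or from the udica project; it works on a handful of constructed AVC lines embedded inline (the lines are made up for illustration and are not real audit output), groups denials by source type, target type and object class the way audit2allow does, and flags the ones where relabeling is the safer fix. The "relabel instead of allow" rule is a heuristic of this example, not something the page states.

```python
import re
from collections import defaultdict

# Constructed sample of 'ausearch -m AVC' style output (not real audit data).
# Line 3 is a SYSCALL record that the parser must skip.
SAMPLE_AVC_LINES = [
    'type=AVC msg=audit(1694000001.101:201): avc:  denied  { read write } for  pid=2101 '
    'comm="nginx" name="html" dev="vda1" ino=5213 '
    'scontext=system_u:system_r:container_t:s0:c123,c456 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0',
    'type=AVC msg=audit(1694000001.102:202): avc:  denied  { open read } for  pid=2101 '
    'comm="nginx" path="/usr/share/nginx/html/index.html" dev="vda1" ino=5214 '
    'scontext=system_u:system_r:container_t:s0:c123,c456 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0',
    'type=SYSCALL msg=audit(1694000001.102:202): arch=c000003e syscall=257 success=no '
    'exit=-13 comm="nginx" exe="/usr/sbin/nginx"',
    'type=AVC msg=audit(1694000005.330:240): avc:  denied  { name_bind } for  pid=2140 '
    'comm="python3" src=8443 '
    'scontext=system_u:system_r:container_t:s0:c123,c456 '
    'tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0',
]

# Core of an AVC record: the denied permission set, then the three fields
# audit2allow keys its rules on.  Lazy '.*?' skips the variable pid/comm/name block.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)
COMM_RE = re.compile(r'comm="([^"]*)"')


def type_of(context):
    """Return the SELinux type from a user:role:type:level context string."""
    return context.split(":")[2]


def parse_avc(line):
    """Parse one AVC denial line; return None for non-AVC records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    comm = COMM_RE.search(line)
    return {
        "perms": tuple(sorted(m.group("perms").split())),
        "source_type": type_of(m.group("scontext")),
        "target_type": type_of(m.group("tcontext")),
        "tclass": m.group("tclass"),
        "comm": comm.group(1) if comm else "",
        "permissive": m.group("permissive") == "1",
    }


def summarize(lines):
    """Group denials by (source type, target type, class), merging permissions.

    This is the same grouping audit2allow uses when it emits
    'allow source target:class { perms };' rules.
    """
    groups = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is not None:
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            groups[key].update(rec["perms"])
    return {key: tuple(sorted(perms)) for key, perms in groups.items()}


def recommendation(key):
    """Heuristic (this example's own, not from udica): file-system denials against
    non-container types are usually a mislabeled volume, which ':Z'/':z' fixes
    without widening the container domain; everything else is a policy decision."""
    _source, target, tclass = key
    if tclass in ("file", "dir", "lnk_file") and not target.startswith("container_"):
        return "relabel volume (mount with :Z) rather than adding an allow rule"
    return "review; candidate for a udica/audit2allow rule"


def report(lines):
    """Return (key, perms, recommendation) rows in a stable order."""
    summary = summarize(lines)
    return [(key, perms, recommendation(key)) for key, perms in sorted(summary.items())]


if __name__ == "__main__":
    for key, perms, advice in report(SAMPLE_AVC_LINES):
        src, tgt, cls = key
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}  => {advice}")
```

Running this on the constructed lines prints one row per rule audit2allow would emit; the two user_home_t rows come out as "relabel volume", the http_port_t name_bind row as a candidate rule, which is the kind of triage worth doing before `semodule -i` of whatever `audit2allow -C` produced.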